NYX WORK Terms and Conditions
1. General aspects
Terms and Conditions (named herein the "Terms and Conditions") govern the relationship between NYX Work SRL, a limited liability company governed by Romanian law, with its headquarters in ……………………. Street, No. ……………., Bucharest, Romania (named herein the "The Company ") and the persons using (named herein the "the User") the site www.nyx.work (named herein the "Site").
Accessing and using the Site, the User agrees to all of these Terms and Conditions, including the Privacy and Cookie Policy[insert link].
Creating User Account on this Site, the User declares that it is agreeing to enter into a legally binding contract with "The Company ".
The Agreement (named herein “Contract” or “Agreement”), is formed by (i) Terms and Conditions, (ii) Privacy and Cookie Policy, (iii) Data Processing Agreement (named herein “DPA”, applicable for the Recruiter Users located in EU or EEA) and (iv) Standard contractual clauses for the transfer of personal data from the Community to third countries (applicable for the Recruiter Users located outside of EU or EEA). If the User does not agree to this Contract, it does not access or otherwise use the Site. If the User wishes to terminate the contract, at any time it can do by closing the User Account.
The Company may make changes to the Contract. In order to ensure compliance with the contract, the User must check the terms and conditions of use at the time of each access to the Site.
The Company agrees that changes cannot be retroactive. If the User objects to any changes, it may close the account. Continuing the use of the Site after the publish / notice the changes to the contract means that User are consenting to the updated terms as of their effective date.
2. Description of services
The Company provides access to the users who only visit the Site (named herein the Visitor User), users who are seeking a job (upload the CV on the site, named herein the ‘User Candidate’) and users, legal entities or authorized individuals who post jobs or search candidates for certain jobs (named herein the ‘User Recruiter’). The users also understand and agree that the Service may include advertisements. The access to some of Company services may be fee-based. The subscription payment will be based on an invoice, issued in Romanian currency Lei for the Romanian companies and in Euro currency for the rest of the companies, conversion being performed on the invoice emitting date. The access to some services is conditional and will be allowed after the payment is confirmed and the transfer into the Company account is made.
3. User Obligations
3.1 User account creation, passwords, and responsibilities
Account creation
In order to benefit from the Services, users must create an User Account by filling in the forms available in the "NEW ACCOUNT" section.
In order to use the Services offered by the Site, it is necessary to:
- provide true, accurate, and complete data about you by filling in the fields in the Registration Form for User Account Creation;
- update the registration data to be true, accurate, and complete at all times when the situation so requires.
For legal entities, Recruiter Users have the obligation to provide us with real information about the name, address, e-mail, telephone, name and surname of the contact person/empowered person/ representative person and fiscal/VAT code. The legal entities - the Recruiter Users have to be fiscal active (to fill in the valid VAT number in the dedicated field in the user account and the registration in the state of residence.
If user provides non-conforming, inaccurate or incomplete information, the Site has the right to suspend or block your account and refuse all current or future attempts to use the Site. In case of inaccurate information or of fraud attempts from the Recruiter Users, the Company has the right, at any moment of the contractual relationship or to terminate the contractual relationship, without any liability to the Recruiter Users in default.
The Company does not respond in any way to the information and data posted, disseminated or transmitted by its Users. If requested by a User, the Company may investigate and verify the allegations and decide whether the information should be removed.
Password
User is the account holders. User agrees to: (1) use a strong password and keep it confidential; (2) not transfer any part of your account.
User will not share an account with anyone else and will follow our rules and the law.
User is responsible for anything that happens through its account unless it close the account or report misuse.
User`s responsibilities:
The user is responsible of its own actions and of the consequences these might have, by posting the materials, upload or make available in the account.
User agrees to not use the service to:
- upload, post, email, transmit or otherwise make available any content that infringes any copyright or other proprietary rights;
- upload, post, email, transmit any content that is obscene, defamatory, harmful, threatening for another user, individual or legal entity or a third party;
-
to post, distribute or transmit material (images, text):
- pornographic, erotic or sexually explicit material of any kind in any form that promotes acts of pedophilia, incest or bestiality
- that promotes hate for certain groups of people, for reasons of: race, ethnic origin, religion, disability, gender, age, veteran status, sexual orientation or identity;
- upload, post, transmit or otherwise make available any material that contains software viruses or any other computer code designed to interrupt or limit the functionality of any computer software
- upload, post, transmit or otherwise make available any content that you do not have a right to make available under any law or under contractual or fiduciary relationships (such as proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements);
- to upload, post, email, transmit or otherwise make available any unsolicited or unauthorized advertising, promotional materials, "junk mail," "spam," "chain letters," "pyramid schemes," or any other form of solicitation, except in those areas that are designated for such purpose; It is forbidden to create personal profiles in order to promote: video chat, escort services, erotic massage, or other services of this type. To promote a company or services it is mandatory to use the business profile, in compliance with all terms and conditions specified in this document;
- to have multiple addresses that look alike or are created on the same theme;
- to provide material support or resources about illegal activities or to promote physical or verbal harm against any group or individual, to promote cruelty to animals. This may include (but not limited) to provide information about the way of making, buying or assembling of bombs, grenades or other types of weapons and "crush" sites creation;
- post, transmit in any other way personal information (name, address, phone numbers) or their registration in the sections which may be seen by other users (descriptions, nicknames etc.)
- use the materials obtained through the site for competitive purpose;
- post, transmit any other material that violates in any way the current legislation.
The Company does not guarantee the accuracy, integrity or quality of content submitted by its users and does not underwrites an opinion stated by one of its users.
Candidate Users
Candidate Users can only create a User account if they are at least 16 years of age at the time of creation. Access to the Site and use of the Services is not permitted for persons under 16 years of age.
The Site is an online recruitment platform that gives you the opportunity to create a CV or register a CV, including cover letters, in our database.
CVs uploaded on the Site and your contact details can then be made available to Company Users for recruitment.
You can deactivate or delete your CV from our database at any time or, if you wish, delete your User account. If you disable your CV from the database or delete your user account, recruiters shall no longer have access to your data.
However, as part of the Services provided by the Site, Recruiter Users who have accessed the CV access facility can download or transmit the information available on the Site on their own storage media. In this case, even if we delete your data from our database, Recruiter Users shall still be able to access your data if they have downloaded, copied or extracted them from the Site database. In their capacity of Operators, Recruiter Users are independently responsible for the way they use your data accessed through the Site.
3.3. Recruiter Users
The Site provides you with password-based access to the User Account. Through the Site, Recruiters can search for and select Candidate Users for hiring.
In order to have access to the CVs, the Recruiter User has to buy credits. The payment can be done by credit card or by bank transfer to the Company’s account. A CV can be accessed if you have in your account a minimum of ……credits. The minimum credits amount that can be purchased is of 100 credit (one credit = 1 EUR).. If Recruiter User opts for closing the user account, the credits remains in the account will not be refunded.
In all cases, you understand and agree that you shall not use the data contained in the Candidate User's CVs except for the sole purpose of recruiting staff for the company that published the recruitment notice.
Certain candidates who have chosen to enter their CVs in the database may understand that it is simpler to present a misleading, incomplete, incorrect or aggressive reality to other social categories. Therefore, you should discern before using the information contained in these CVs, before hiring, making an investment or any other action involving the use of funds or own resources or those of third parties. Please contact us if you are aware of the existence of such CVs.
4. Protection of intellectual Property
The content and design of the Site (as well as any other material) and are protected by intellectual property law. User may not use, reproduce, or permit anyone to use or reproduce the materials without the written permission of the Site or its collaborators who own an intellectual property.
User may only use the content of the Site for itself and its company's use within the purpose for which you have registered.
Below actions are not allowed unless prior written permission received from the Company:
- reproducing or storing the content, as well as sending this content to any other site, server or any other means of storing the information;
- modification, publication, transmission, and participation in the transfer, sale, distribution of materials made by reproducing, modifying or displaying the content, unless prior written permission is obtained from us;
- removing the marks that signify the copyright of the site content.
It is also prohibited to use any automated means, including scripts, robot applications, bot, spider, crawler and / or any computer applications / programs that can mislead or simulate certain activities or statuses in the Site or, in any way exploits certain features or vulnerabilities of the Site in order to obtain advantages for itself or for other Users or third parties regarding the use of the Site or the access and use of any Services.
5. Protection of personal data
The Company treats seriously the privacy of the User's personal data. The Privacy and Cookie Policy and aspects of how the Company processes the personal data of Users (including representatives of Recruiter Users) are described in the Privacy and Cookie Policy and is an integrated part of the present Terms and Conditions.
It should also be noted that Recruiter Users act as personal data controllers under the applicable law and as such they have a series of rights and obligations related to the personal data of Candidate Users accessed through Site.
Using the services provided through the Site, Recruiter Users located in EU or EEA accept and agree to comply with the terms and conditions set out in the Data Processing Agreement that is an integrating part of the present terms and conditions (Appendix A).
In addition, in the case of Recruiter User located in third countries that have not been granted an adequate level of protection, they accept and agree to comply with the terms and conditions set out in the Standard Contractual Clauses for the transfer of personal data to third countries approved by the EU Commission (Appendix B).
6. Limitation of the liabilities
The Company reserves the right to suspend, modify, add or delete portions of the site content at any time. In addition, The Company reserves the right to restrict user access to part or all of its content.
The Company may, without any other notice or formality and without any reason, suspend or terminate the User access to the content of the Site or any part of it. In this regard, Site may block access to, use of, or use of any of its other services, or remove and delete any material from the Services for any reason whatsoever. The Company may also, whenever it wishes and without providing justification, interrupt the provision of the Services, or part thereof, with or without prior notice.
The Site cannot guarantee in terms of its content, the correctness, completeness and actuality of the information presented in the Candidate User's CVs and the recruitment announcements posted by the Recruiter Users. To the extent that the applicable law permits, the Company shall not be held in any way liable for any damages directly or indirectly caused by any direct or indirect loss of (including, but not limited to: damages for loss of profits, interruption of business, or other pecuniary damage), suffered as a result of the use or interruption of the use or lack of regularity of the information and Services provided by the Company.
7. Governing Law and Dispute Resolution
In the unlikely event we end up in a legal dispute, you and Company agree to resolve it in Romania courts using Romanian law.
8. Contact
For general inquiries, you may contact us………... For legal notices or service of process, you may write us at………….
Appendix A DATA PROCESSING AGREEMENT (Controller - Controller – UE or EEA)
WHEREAS:
Parties concluded the present Data Processing Agreement at the creation date of user account by Recruiter User, on which ground Parties share Personal Data with each other as separate controllers.
Parties wish to lay down their mutual rights and obligations in this Controller-to-controller agreement with regard to the processing of Personal Data by Parties.
In the performance of the Contract, the Parties process, each of them as data controller, a set of personal data and, therefore, they have the obligation to comply with personal data protection laws, including the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (herein after named "GDPR")
AGREE AS FOLLOWS:
Definitions
In this Controller-to-controller agreement, the following terms will have the meanings set out below:
Data Processing | the agreement as mentioned in consideration A (herein after Agreement named DPA or Agreement); |
Data Breach: | means each breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed as further described in Article 32 GDPR, and that is likely to have a negative impact on the rights and freedoms of natural persons or a negative impact on the protection of Personal Data that is processed by Processor, as described in Article 33 GDPR; |
Data Subject | the identified or identifiable natural person to whom the Personal Data relates; |
GDPR | the regulation (EU) 2016/679 of the European Parliament and of the Council of the 27th of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); |
Personal Data: | any information relating to an identified or identifiable natural person that Processor processes or has to process based on the Agreement, as defined in the GDPR; |
Processing Operation | a processing operation or a set of processing operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
General
When processing Personal Data, Parties shall respect the obligations set out in this agreement, the obligations set out in the applicable laws and regulations and the obligations as set out in the Privacy Policy of the respective Party.
Parties are considered separate controllers with each Party being able to determine the purpose and means of processing the Personal Data held under its control in accordance with its Privacy Policy.
With respect to the separate controllership of Parties and without the intention of entering into a joint-controllership as defined in article 26 GDPR, this agreement sets out the framework for the sharing of Personal Data between the Parties and defines the principles and procedures that the Parties shall adhere to and the responsibilities the Parties owe to each other.
Parties agree that the shared Personal Data will only be processed as far as is necessary according to the purposes and in order to fulfill the obligations as set out in the Agreement.
Parties guarantee that the processing of Personal Data will be based on the basis of one of the legal grounds expressed in article 6 of the GDPR.
Shared Personal Data
For the duration of the Agreement and for the purposes as listed above, Parties may share the following (types of) Personal Data:
Recruiter User provides the following Personal Data to the Company:
- Name of a representative / contact person / empowered person of Recruiter User which will manage the user account;
- Contact details of the representative / contact person / empowered person of Recruiter User which will manage the user account (e-mail address, telephone number, address)
- cardholder name; depending on the selected payment method, also data relating to your bank account and your debit/credit card details will be processed by our payment provider.
- any other Personal Data that Parties agree to share in writing.
The Company provides the following Personal Data (personal data provided by Candidates in their user account and in their CV) to Recruiter User:
- basic personal data ( full name, age /date of birth, gender, address, e-mail address, telephone number, nationality)
- education & professional experience & affiliations (education & training history, qualifications / certifications, languages , previous and current employer information, previous work history, trade union membership)
- business activities
- family, lifestyle & social circumstances (marital status, ethnicity)
- photographic, video , location information and tracking data
- financial expectations
Parties ensure that their Privacy Policy are in accordance with the GDPR and that Data Subjects are properly informed about data transfer at the date of creation user account on the Site.
Security
Each Party shall implement appropriate technical and organizational measures, including a written information security program that complies with applicable laws and regulations, designed to:
- ensure and protect the security, integrity and confidentiality of the shared Personal Data;
- protect against any unauthorized processing, loss, use, disclosure, acquisition of, or access to any Personal Data.
Data retention
Parties shall not retain or process shared Personal Data longer than is necessary to carry out the purposes and obligations as set out in the Agreement.
Notwithstanding article 6.1, Parties shall retain shared Personal Data in accordance with any statutory or professional retention period applicable in their respective countries and/or industry.
No processing outside of the EEA
Parties will not process shared Personal Data outside of the European Economic Area, unless such processing is compliant with applicable laws and regulations.
Data breaches
Parties will notify each other as soon as possible of any potential or actual loss of shared Personal Data and/or any breach of the technical and/or organizational measures taken (Data Breach), but, in any event, within 24 hours after identifying any potential or actual loss and/or breach.
Parties will provide each other with reasonable assistance as required to facilitate the handling of any Data Breach.
Force Major
Force majeure or fortuitous case, agreed as unpredictable and unrelenting elements, after the entry into force of the contract, which prevents the parties or parties from fulfilling their obligations under the contract, exonerates from liability the part which invoke, under the law
The party invoking force majeure will notify in writing the other party as soon as possible, but no later than 3 days, in accordance with the local law.
Resolutions of disputes and claims related to Personal Data
The parties have concluded this agreement in good faith, thereby understanding that both parties will complete their contractual obligations and will try to resolve the differences regarding this contract.
Any disputes arising out of or in connection with this contract, including its validity, interpretation, execution or termination, shall be settled amicably between the parties.
Any possible misunderstandings that cannot be settled amicably will be brought before the ordinary law court at the Company's headquarters.
If a Data Subject or a Data Protection Authority bring a dispute or claim concerning the processing of shared Personal Data against a Party or both Parties, Parties will inform each other about such disputes or claims and will cooperate with each other as far as permitted by the applicable laws and regulations.
Indemnity
Each Party indemnifies the other Party for any direct or indirect damages resulting from any breach of its obligations under the Agreement, this agreement and/or applicable laws and regulations (including, but not limited to the GDPR).
Commencement, duration and survival
This agreement shall commence on the same date the Agreement commences and shall last until the Agreement ends or for as long as one of the Parties processes Personal Data of the other party.
The obligations set forth in this agreement shall survive the expiration or termination (for whatever reason) of the Agreement for as long as one of the Parties processes Personal Data of the other party.
Nullity
If any provision of this agreement is null and void or cannot be otherwise enforced, the remaining provisions will remain in full force. Parties will then agree on a provision that approximates the scope of the void or unenforceable provision as much as possible
Governing law
All disputes relating to this agreement or its execution or any Personal Data shared between Parties, will be governed by Romanian law.
APPENDIX B - STANDARD CONTRACTUAL CLAUSES for the transfer of personal data from the Community to third countries (controller to controller transfers)
WHEREAS:
Parties concluded the standard contractual clauses at the date of creating the user account by Recruiter User, on which ground Parties share Personal Data with each other as separate controllers.
Parties wish to lay down their mutual rights and obligations in this Controller-to-controller agreement with regard to the processing of Personal Data by Parties.
The Parties shall individually determine the purpose and the means of the Personal Data processing and, in this context, they shall act as Controller.
In the performance of the Contract, the Parties process, each of them as data controller, a set of personal data and, therefore, they have the obligation to comply with personal data protection laws, including the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (herein after named "GDPR")
Taking into consideration that in accordance wit art. 44 and art. 46 point 2 letter c. from the GDPR, in executing of the contract, parties have to conclude the Standard Contractual Clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council as per Commission Decision of 5 February 2010
Parties have agreed to conclude the Standard contractual clauses as is.
Definitions
For the purposes of the clauses:
- “personal data”, “special categories of data/sensitive data”, “process/processing”, “controller”, “processor”, “data subject” and “supervisory authority/authority” shall have the same meaning as in Directive 95/46/EC of 24 October 1995 (whereby “the authority” shall mean the competent data protection authority in the territory in which the data exporter is established);
- “the data exporter” shall mean the controller who transfers the personal data; the Company will have the quality of the data exporter (and herein after named Data Exporter)
- “the data importer” shall mean the controller who agrees to receive from the data exporter personal data for further processing in accordance with the terms of these clauses and who is not subject to a third country’s system ensuring adequate protection; the Recruiter Users will have the quality of the data exporter (and herein after named Data Importer/ the Recruiter User).
- “clauses” shall mean these contractual clauses, which are a free-standing document that does not incorporate commercial business terms established by the parties under separate commercial arrangements.
The details of the transfer (as well as the personal data covered) are specified in Annex B, which forms an integral part of the clauses.
I. Obligations of the data exporter
The data exporter warrants and undertakes that:
- The personal data have been collected, processed and transferred in accordance with the laws applicable to the data exporter.
- It has used reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses.
- It will provide the data importer, when so requested, with copies of relevant data protection laws or references to them (where relevant, and not including legal advice) of the country in which the data exporter is established.
- It will respond to enquiries from data subjects and the authority concerning processing of the personal data by the data importer, unless the parties have agreed that the data importer will so respond, in which case the data exporter will still respond to the extent reasonably possible and with the information reasonably available to it if the data importer is unwilling or unable to respond.
- It will make available, upon request, a copy of the clauses to data subjects who are third party beneficiaries under clause III, unless the clauses contain confidential information, in which case it may remove such information. Where information is removed, the data exporter shall inform data subjects in writing of the reason for removal and of their right to draw the removal to the attention of the authority. However, the data exporter shall abide by a decision of the authority regarding access to the full text of the clauses by data subjects, as long as data subjects have agreed to respect the confidentiality of the confidential information removed. The data exporter shall also provide a copy of the clauses to the authority where required.
II. Obligations of the data importer
The data importer warrants and undertakes that:
- It will have in place appropriate technical and organizational measures to protect the personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected.
- It will have in place procedures so that any third party it authorizes to have access to the personal data, including processors, will respect and maintain the confidentiality and security of the personal data. Any person acting under the authority of the data importer, including a data processor shall be obligated to process the personal data only on instructions from the data importer. This provision does not apply to persons authorized or required by law or regulation to have access to the personal data.
- It has no reason to believe, at the time of entering into these clauses, in the existence of any local laws that would have a substantial adverse effect on the guarantees provided for under these clauses, and it will inform the data exporter (which will pass such notification on to the authority where required) if it becomes aware of any such laws.
- It will process the personal data for purposes described in Annex B, and has the legal authority to give the warranties and fulfil the undertakings set out in these clauses.
- It will identify to the data exporter a contact point within its organization authorized to respond to enquiries concerning processing of the personal data, and will cooperate in good faith with the data exporter, the data subject and the authority concerning all such enquiries within a reasonable time. In case of legal dissolution of the data exporter, or if the parties have so agreed, the data importer will assume responsibility for compliance with the provisions of clause I(e).
- At the request of the data exporter, it will provide the data exporter with evidence of financial resources sufficient to fulfil its responsibilities under clause III (which may include insurance coverage).
- Upon reasonable request of the data exporter, it will submit its data processing facilities, data files and documentation needed for processing to reviewing, auditing and/or certifying by the data exporter (or any independent or impartial inspection agents or auditors, selected by the data exporter and not reasonably objected to by the data importer) to ascertain compliance with the warranties and undertakings in these clauses, with reasonable notice and during regular business hours. The request will be subject to any necessary consent or approval from a regulatory or supervisory authority within the country of the data importer, which consent or approval the data importer will attempt to obtain in a timely fashion.
- It will process the personal data, at its option, in accordance with:
- the data protection laws of the country in which the data exporter is established, or
- the relevant provisions of any Commission decision pursuant to Article 25(6) of Directive 95/46/EC, where the data importer complies with the relevant provisions of such an authorization or decision and is based in a country to which such an authorization or decision pertains, but is not covered by such authorization or decision for the purposes of the transfer(s) of the personal data , or
- he data processing principles set forth in Annex A. Data importer to indicate which option it selects: Initials of data importer:_;
- It will not disclose or transfer the personal data to a third party data controller located outside the European Economic Area (EEA) unless it notifies the data exporter about the transfer and:
- the third party data controller processes the personal data in accordance with a Commission decision finding that a third country provides adequate protection, or
- the third party data controller becomes a signatory to these clauses or another data transfer agreement approved by a competent authority in the EU, or
- data subjects have been given the opportunity to object, after having been informed of the purposes of the transfer, the categories of recipients and the fact that the countries to which data is exported may have different data protection standards, or
- with regard to onward transfers of sensitive data, data subjects have given their unambiguous consent to the onward transfer
III. Liability and third party rights
- Each party shall be liable to the other parties for damages it causes by any breach of these clauses. Liability as between the parties is limited to actual damage suffered. Punitive damages (i.e. damages intended to punish a party for its outrageous conduct) are specifically excluded. Each party shall be liable to data subjects for damages it causes by any breach of third party rights under these clauses. This does not affect the liability of the data exporter under its data protection law.
- The parties agree that a data subject shall have the right to enforce as a third party beneficiary this clause and clauses I(b), I(d), I(e), II(a), II(c), II(d), II(e), II(h), II(i), III(a), V, VI(d) and VII against the data importer or the data exporter, for their respective breach of their contractual obligations, with regard to his personal data, and accept jurisdiction for this purpose in the data exporter’s country of establishment. In cases involving allegations of breach by the data importer, the data subject must first request the data exporter to take appropriate action to enforce his rights against the data importer; if the data exporter does not take such action within a reasonable period (which under normal circumstances would be one month), the data subject may then enforce his rights against the data importer directly. A data subject is entitled to proceed directly against a data exporter that has failed to use reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses (the data exporter shall have the burden to prove that it took reasonable efforts).
IV. Law applicable to the clauses
These clauses shall be governed by the law of the country in which the data exporter is established, with the exception of the laws and regulations relating to processing of the personal data by the data importer under clause II(h), which shall apply only if so selected by the data importer under that clause.
V. Resolution of disputes with data subjects or the authority
- In the event of a dispute or claim brought by a data subject or the authority concerning the processing of the personal data against either or both of the parties, the parties will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion.
- The parties agree to respond to any generally available non-binding mediation procedure initiated by a data subject or by the authority. If they do participate in the proceedings, the parties may elect to do so remotely (such as by telephone or other electronic means). The parties also agree to consider participating in any other arbitration, mediation or other dispute resolution proceedings developed for data protection disputes.
- Each party shall abide by a decision of a competent court of the data exporter’s country of establishment or of the authority which is final and against which no further appeal is possible.
VI.Termination
- In the event that the data importer is in breach of its obligations under these clauses, then the data exporter may temporarily suspend the transfer of personal data to the data importer until the breach is repaired or the contract is terminated.
- In the event that:
- the transfer of personal data to the data importer has been temporarily suspended by the data exporter for longer than one month pursuant to paragraph (a);
- compliance by the data importer with these clauses would put it in breach of its legal or regulatory obligations in the country of import;
- the data importer is in substantial or persistent breach of any warranties or undertakings given by it under these clauses;
- a final decision against which no further appeal is possible of a competent court of the data exporter’s country of establishment or of the authority rules that there has been a breach of the clauses by the data importer or the data exporter; or
- a petition is presented for the administration or winding up of the data importer, whether in its personal or business capacity, which petition is not dismissed within the applicable period for such dismissal under applicable law; a winding up order is made; a receiver is appointed over any of its assets; a trustee in bankruptcy is appointed, if the data importer is an individual; a company voluntary arrangement is commenced by it; or any equivalent event in any jurisdiction occurs
- Either party may terminate these clauses if (i) any Commission positive adequacy decision under Article 25(6) of Directive 95/46/EC (or any superseding text) is issued in relation to the country (or a sector thereof) to which the data is transferred and processed by the data importer, or (ii) Directive 95/46/EC (or any superseding text) becomes directly applicable in such country.
- The parties agree that the termination of these clauses at any time, in any circumstances and for whatever reason (except for termination under clause VI(c)) does not exempt them from the obligations and/or conditions under the clauses as regards the processing of the personal data transferred.
VII. Variation of these clauses
The parties may not modify these clauses except to update any information in Annex B, in which case they will inform the authority where required. This does not preclude the parties from adding additional commercial clauses where required.
VIII. Description of the Transfer
The details of the transfer and of the personal data are specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers.
ANNEX A - DATA PROCESSING PRINCIPLES
- Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorized by the data subject.
- Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
- Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporter.
- Security and confidentiality: Technical and organizational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller.
- Rights of access, rectification, deletion and objection: As provided in Article 12 of Directive 95/46/EC, data subjects must, whether directly or via a third party, be provided with the personal information about them that an organization holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer or other organizations dealing with the data importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them rectified, amended, or deleted where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation may require further justifications before proceeding to rectification, amendment or deletion. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject must also be able to object to the processing of the personal data relating to him if there are compelling, legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
- Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.
- Data used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject at any time to “opt-out” from having his data used for such purposes.
- Automated decisions: For purposes hereof “automated decision” shall mean a decision by the data exporter or the data importer which produces legal effects concerning a data subject or significantly affects a data subject and which is based solely on automated processing of personal data intended to evaluate certain personal aspects relating to him, such as his performance at work, creditworthiness, reliability, conduct, etc. The data importer shall not make any automated decisions concerning data subjects, except when:
- such decisions are made by the data importer in entering into or performing a contract with the data subject, and
- (the data subject is given an opportunity to discuss the results of a relevant automated decision with a representative of the parties making such decision or otherwise to make representations to that parties.
- where otherwise provided by the law of the data exporter.
Annex B - Details of the transfer and of the personal data
Recruiter User provides the following Personal Data to the Company:
- Name of a representative / contact person / empowered person of Recruiter User which will manage the user account;
- Contact details of the representative / contact person / empowered person of Recruiter
- User which will manage the user account (e-mail address, telephone number, address)
- cardholder name;
- depending on the selected payment method, also data relating to your bank account and your debit/credit card details will be processed by our payment provider.
- any other Personal Data that Parties agree to share in writing.
The Company provides the following Personal Data (personal data provided by Candidates in their user account and in their CV) to Recruiter User:
- basic personal data ( full name, age /date of birth, gender, address, e-mail address, telephone number, nationality)
- education & professional experience & affiliations (education & training history, qualifications / certifications, languages , previous and current employer information, previous work history, trade union membership)
- business activities
- family, lifestyle & social circumstances (marital status, ethnicity)
- photographic, video , location information and tracking data
- financial expectations